[Git][security-tracker-team/security-tracker][master] Reserve DLA-4004-1 for opensc

Guilhem Moulin (@guilhem) guilhem at debian.org
Sat Dec 28 13:06:56 GMT 2024



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
675339ae by Guilhem Moulin at 2024-12-28T14:06:39+01:00
Reserve DLA-4004-1 for opensc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29722,7 +29722,6 @@ CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulner
 CVE-2024-8443 (A heap-based buffer overflow vulnerability was found in the libopensc  ...)
 	- opensc 0.25.1-2.1 (bug #1082853)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-8443
 	NOTE: Fixed by https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e (0.26.0-rc1)
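Review bot: the `{DLA-4004-1}` cross-reference is not added to this entry while the bullseye `<postponed>` line is dropped; other opensc entries in this same diff carry `{DLA-3668-1}` / `{DLA-3463-1}` lines, so confirm the reference lands on CVE-2024-8443 (and the other 17 entries) when the advisory is published, otherwise the tracker shows bullseye as unfixed with no DLA linked. For the backport itself, note that the referenced upstream fix is from 0.26.0-rc1 while the target is bullseye's 0.21.0-1+deb11u1, several upstream releases apart.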
@@ -30818,38 +30817,32 @@ CVE-2024-37136 (Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposu
 CVE-2024-45620 (A vulnerability was found in the pkcs15-init tool in OpenSC. An attack ...)
 	- opensc 0.25.1-2.1 (bug #1082864)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309289
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45620
 CVE-2024-45619 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
 	- opensc 0.25.1-2.1 (bug #1082863)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309288
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45619
 CVE-2024-45618 (A vulnerability was found in pkcs15-init in OpenSC. An attacker could  ...)
 	- opensc 0.25.1-2.1 (bug #1082862)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309287
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45618
 CVE-2024-45617 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
 	- opensc 0.25.1-2.1 (bug #1082861)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309286
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45617
 CVE-2024-45616 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
 	- opensc 0.25.1-2.1 (bug #1082860)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309290
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45616
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
 CVE-2024-45615 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...)
 	- opensc 0.25.1-2.1 (bug #1082859)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309285
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45615
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
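Review bot: all six CVE-2024-4561x/45620 entries in this hunk keep `[bookworm] - opensc <no-dsa> (Minor issue)` while the bullseye `<postponed>` line is removed, so after this commit bookworm is tracked as unfixed for issues that the LTS release now fixes. If that is intended (bullseye-only DLA, bookworm via a later update), fine, but a NOTE on the entries or an updated bookworm status would make the divergence explicit.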
@@ -90748,7 +90741,6 @@ CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue
 CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC driver in  ...)
 	- opensc 0.25.0~rc1-1
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2263929
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454
@@ -93083,7 +93075,6 @@ CVE-2024-1062 (A heap overflow flaw was found in 389-ds-base. This issue leads t
 CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...)
 	- opensc 0.25.0~rc1-1 (bug #1064189)
 	[bookworm] - opensc <no-dsa> (Minor issue)
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
@@ -109085,7 +109076,6 @@ CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC
 	{DLA-3668-1}
 	- opensc 0.23.0-2 (bug #1055522)
 	[bookworm] - opensc 0.23.0-0.3+deb12u1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40661
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2240913#c1
@@ -109093,7 +109083,6 @@ CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN b
 	{DLA-3668-1}
 	- opensc 0.23.0-2 (bug #1055521)
 	[bookworm] - opensc 0.23.0-0.3+deb12u1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40660
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 (0.24.0-rc1)
@@ -131992,7 +131981,6 @@ CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has b
 CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer  ...)
 	{DLA-3463-1}
 	- opensc 0.23.0-0.3 (bug #1037021)
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2785
 	NOTE: https://github.com/OpenSC/OpenSC/pull/2787
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a
@@ -256387,7 +256375,6 @@ CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in de
 CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
 	{DLA-3463-1}
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
 	NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1)
@@ -256398,7 +256385,6 @@ CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version
 CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
 	{DLA-3463-1}
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
 	NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1)
@@ -256409,7 +256395,6 @@ CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version
 CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in  ...)
 	{DLA-3463-1}
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
@@ -256417,14 +256402,12 @@ CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22
 CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0  ...)
 	{DLA-3463-1}
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
 CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in  ...)
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[buster] - opensc <not-affected> (Vulnerable code introduced later)
 	[stretch] - opensc <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
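Review bot: CVE-2021-42778 is marked `[buster] - opensc <not-affected> (Vulnerable code introduced later)` and likewise for stretch, yet its bullseye `<no-dsa>` line is removed and the id goes into the DLA; make sure the vulnerable code is actually present in bullseye's 0.21.0 (introduced after buster's version but before the 0.22.0-rc1 fix) rather than carrying the id into the advisory by association with the neighbouring CVE-2021-4277x entries. The fix commit f015746d here is the same one cited for CVE-2021-34193 in the next hunk, so a single backported change should cover both.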
@@ -279351,7 +279334,6 @@ CVE-2021-34194
 	RESERVED
 CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware before 0. ...)
 	- opensc 0.22.0-1
-	[bullseye] - opensc <no-dsa> (Minor issue)
 	[buster] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
 	NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Dec 2024] DLA-4004-1 opensc - security update
+	{CVE-2021-34193 CVE-2021-42778 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 CVE-2023-2977 CVE-2023-5992 CVE-2023-40660 CVE-2023-40661 CVE-2024-1454 CVE-2024-8443 CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618 CVE-2024-45619 CVE-2024-45620}
+	[bullseye] - opensc 0.21.0-1+deb11u1
 [26 Dec 2024] DLA-4003-1 node-postcss - security update
 	{CVE-2021-23566 CVE-2023-44270 CVE-2024-55565}
 	[bullseye] - node-postcss 8.2.1+~cs5.3.23-8+deb11u1
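Review bot: the 18 CVE ids in the brace list should be cross-checked against the data/CVE/list hunks above; they match one-to-one with the 18 entries whose `[bullseye]` line is removed, so nothing is orphaned on either side. The `0.21.0-1+deb11u1` version string and the `opensc - security update` heading follow the format of the DLA-4003-1 entry below.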


=====================================
data/dla-needed.txt
=====================================
@@ -128,11 +128,6 @@ nvidia-cuda-toolkit
 openafs (abhijith)
   NOTE: 20241207: Added by Front-Desk (santiago)
 --
-opensc (guilhem)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3463-1 (5 CVEs) and bookworm 12.4 (2 CVEs) (Beuc/front-desk)
-  NOTE: 20241223: More tests needed; would to have the fix in sid first, sid+bookworm NMU debdiffs sent to maintainer
---
 python-aiohttp
   NOTE: 20240523: Added by oldstable Security Team (jmm)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
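Review bot: dropping the whole opensc block loses the 20241223 note that more testing was needed and that the sid+bookworm NMU debdiffs had only been sent to the maintainer; since the `[bookworm] - opensc <no-dsa>` lines in data/CVE/list are untouched by this commit, the bookworm fix is still pending after this change. Consider keeping that state tracked (for example as a NOTE on the affected CVE entries) so the outstanding bookworm/sid work is not lost once opensc leaves dla-needed.txt.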



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/675339ae7d723b07711d2a76036af590c2df8118
